Over the weekend, the Toorcon security conference in San Diego showcased a next-generation VoIP sniffer. Trust no one, and that goes double if they are on your side of the firewall.
The UCSniff tool, created by VoIP Hopper author and director of Sipera's VIPER VoIP vulnerabilities lab Jason Ostrom, has two settings for mischief. One is a learning mode that sniffs IP traffic and maps phone extensions to specific IP addresses. By default, it captures all the calls and saves them to .WAV files, says CNET news.
Once you have a map of phones to IP addresses, an attacker could use UCSniff to listen to all the VoIP conversations made by a specific mode. If that's not exciting enough, a second model allows for monitoring calls made exclusively between two extensions.
Readers should note that Ostrom's presentation outlines scenarios for the "trusted insider" within the corporation that has access to an organization's VoIP infrastructure and calls for consideration of internal controls and best practices to prevent VoIP eavesdropping.
For more:
- CNet blogs about Toorcon VoIP security session. Posting [1].
Related articles
VoIP Security and the Circle of Trust [2]
Last Hope Launches Security Season [3]
Links:
[1] http://news.cnet.com/8301-1009_3-10052393-83.html
[2] http://www.fiercevoip.com/story/voip-security-and-circle-trust/2008-05-06
[3] http://www.fiercevoip.com/story/last-hope-launches-security-season/2008-07-20?utm_medium=rss&utm_source=rss&cmp-id=OTC-RSS-FV0